The New Privacy Paradigm

Managing risk and reward in the modern age presents unprecedented challenges. Three experts in the field discuss how they think about the upside of taking chances in radically transformative times.

Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it,” the title character famously said to the audience in the final scene of the 1986 classic film Ferris Bueller’s Day Off. He had no idea. His was an era long before cell phones and Twitter, let alone AI/ ML, cloud computing, and ever-changing privacy laws. Like pretty much everyone else in America, Ferris was in sales — in his case, selling the narrative that he was everyone’s best friend and deserved their help and sympathy — even if he didn’t promote himself as a sales professional. And like the best sales leaders, he used every piece of technology available to up his game and stay one step ahead of his competition.

Today’s sales leaders walk a similarly precarious line between risk and reward. Social networks allow companies to find the people they need and to share their messages more broadly than ever before. Next-generation tools such as Slack, Google Docs, and Collective[i] utilize social networking, collaboration, artificial intelligence, and machine learning to allow their users to work together without friction, all the while mitigating mistakes. Cloud-delivered sales applications provide powerful functionality that are replacing on-premises offerings. And nascent technologies bring efficiency, speed, and precision to levels beyond any one salesperson’s ability.

But living in a networked age, where the modern customer sets high expectations and requires extreme personalization, comes with its own set of challenges, especially for those charged with managing risk. As data becomes more mobile and increasingly lives outside the walled gardens of individual companies, legal and security teams, as well as senior executives, are compelled to find the right balance between staying competitive and reducing security and regulatory hazards. It’s not easy, but it’s not impossible.

In early fall, three experts in the field and one legal moderator discussed their own ideas about how they get comfortable with new tools that are becoming essential for sales teams while minimizing risk. Their calculus for determining reward and their best practices for addressing security con- cerns are fascinating — and invaluable.

BY HEIDI MITCHELL 

The Panel

Jeff Teddleton 
Director of Information Security and Compliance at Idaptive, a next-generation single-sign-on security platform. Teddleton drives the compliance processes (most urgently SOC-2), and helps coordinate some of the cybersecurity company’s most pressing security and operations initiatives and activities, ultimately making Idaptive’s service more dependable and secure.

Robert Seamans
Associate Professor at New York University’s Stern School of Business, who served as a Senior Economist at the White House Council of Economic Advisers under the Obama Administration. His research focuses on how technology and governance structures affect strategic interactions between firms, impact incentives to innovate, and ultimately shape market outcomes.

Erica Klipper
Senior Legal Counsel for MongoDB, the leading modern, general-purpose database platform, designed to unleash the power of software and data for developers and the applications they build. She began her career at Cleary Gottlieb Steen & Hamilton LLP, and also served as a law clerk to the Honorable Sandra J. Feuerstein of the United States District Court for the Eastern District of New York .

Moderator: Janis Foo 
Vice President, Legal & Operations at Collective[i], the technology and network used by the world’s leading sales organizations to implement and operationalize AI- enabled sales transformation. Collective[i] is on a mission to help companies around the world better predict, manage, and grow revenue.

Janis Foo: The modern workforce has aligned teams and organizations to adapt and respond in increasingly dynamic environments. However, with this new work environment comes the reality that security threats are also the new normal. How do you balance the need for businesses to adapt to a winner-takes-all world while mitigating the cyber threats to your networked organization?

Erica Klipper: As in-house counsel, my goal is to make decisions that strike the right balance between growing revenue and minimizing exposure to the company. While outside counsel’s advice might be conservative, it is a useful and often necessary input to determining whether the legal risks presented by a new technology outweigh the potential benefits to the business. The important thing is not to rely exclusively on external guidance, but instead to consider it as one piece of the overall puzzle.

Jeff Teddleton: Idaptive is an information security company. My job there is to create a culture of infosec, to educate my peers, and to instill the standard that our vendors are held to the same standards we practice. I must never be afraid to deny a vendor based on a weak security stance. If the company does not measure up, it must agree to chang- es we require or they are not approved for use. In most cases where we find a gap, the vendors are quite willing to make a change as it improves the overall infosec posture of their company. We are always open to learning from our vendor partners as well. Our goal is not to say no, but to find the most effective and secure way to say yes.

Rob Seamans: It is too expensive to rely on a “closed system,” and so most firms must rely on cloud computing and collaboration tools. As you might guess, this increases the importance of having really good cybersecurity.

Janis Foo: We live in a connected age. People are maximizing their networks by using Facebook for advertising, Google for search, LinkedIn for job hunting, Collective[i] for B2B sales and revenue. The benefits to business are enormous in helping to provide a personalized and cost-effective customer experience. Artificial intelligence and ma- chine learning tools, in particular, can augment everything we do. While these companies are known commodities, how do you recognize up-and-comers and get early-adopter advantages?

Jeff Teddleton: I track the industry darlings, unicorns, and trends by reading business and techni- cal publications. I am fortunate to have worked for some of the best SaaS companies and know many of the alums. I network with these colleagues regularly to keep on top of things. My primary focus is productivity and real measurable KPI improvements, not fads. I support the proof-of-concept strategy for giving new, as-yet-proven vendors a try when appropriate, so long as they pass security muster.

Rob Seamans: So far, AI/ML has mostly been used to augment products that firms offer. For example, Gmail now includes a predictive typing feature that uses AI to “guess” at the next several words in sentences that I write. It is a nifty feature — not world-changing or anything like that, but certainly helpful. But, in the future we will see lots more AI in lots more products/services/devices, and we will start to see firms reorganizing themselves in different ways to take advantage of what AI can do. It is still early days.

Janis Foo: Given the incredible value and competitive advantage of AI/ML technologies and tools that leverage large sets of data across industries and companies, it has become increasingly difficult to legitimize keeping your company’s data within your firewall. No company can exist as an island. How do you evaluate the conflicting business risk of being competitive and being safe? Or do you not join a network at all?

Jeff Teddleton: My foremost concern is the security of our company assets and the vendors with which we engage. Idaptive completes a full security review of all new vendors before they are approved for company use. I trust my business owners to select best-of-breed vendors to drive our company revenue and sales growth.

Erica Klipper: Ignoring the technological revolution impacting our economy is the greatest risk of all. Companies can shield themselves from privacy and hacking threats by remaining unplugged, but the tradeoff is being left behind while customers select innovative solutions that leverage informa- tion to drive efficiency. While businesses can implement defenses to privacy and hacking threats like adopting security features and training its personnel, there are no alternatives for refusing to modernize, and the consequences can be dire.

Rob Seamans: Not plugging in is the greater risk! AI/ML and digitization is the future. Individuals and firms that don’t embrace this are putting themselves at a competitive disadvantage.

Janis Foo: The European Union’s GDPR and California’s CCPA are interesting pieces of legisla- tion that leave a lot of room for interpretation. What are the primary things you look for to ensure a business partner is compliant with these regulations?

Erica Klipper: At MongoDB, customers expect us to implement state-of-the-art security measures certified under industry-recognized standards to protect not just personal information, but all data given to us by our customers or their end users. Similarly, when evaluating a new technology, we look for commitments from the vendor to maintain security protocols aligned with these industry standards. Another important best practice is to stay informed about developments in privacy law, both within the United States and abroad, and assess whether contracts satisfy the requirements of the most stringent privacy regulations.

Janis Foo: Most sales and marketing teams would posit that data is at the center of all they do. Recognizing that personalization and privacy are often two sides of the same coin, what framework do you use to help support tailored privacy preferences?

Jeff Teddleton: Regardless of the technology being employed, customer data is sacred and must always be protected. AI/ML are tools used to create context, learning, and value by evaluat- ing, modeling, and learning from data. Our data is our crown jewels and must be protected to the same standards regardless of the technology in use. The key benefits of AI/ML, like all others, must be measured, quantified, and assessed based on the KPIs being measured. We evaluate all security certifications that may have been achieved as a benchmark. SOC 2, PCI, HIPAA, FedRAMP, ISO 27001, ISO 27002, SOX, etc. First we review any re- ports that may be available, then we interview the responsible parties to ensure deep understanding of the infosec team and process. We always seek to understand and learn.

Erica Klipper: As the leading modern data-base platform on the market, MongoDB takes its obligations to protect the privacy of our customers and their end users seriously, but we are also com- mitted to finding new ways to make data easier to work with for our customers. This mission led to the launch in 2016 of MongoDB Atlas, our database-as-a-service offering, that allows our customers to focus their energies on creating innovative new technologies while leaving the complexities of database management to us. MongoDB Atlas is being used across the globe for business-critical applications in all industries while providing best-in-class security capabilities and compliance certifications such as PCI DSS, HIPAA, and more. The leadership at MongoDB is aligned not only on our commitment to providing the best solution out there, but also recognizing the criticality of making customers comfortable entrusting us with their data by continually enhancing our security protocols.

Janis Foo: Companies of differing sizes and at different points in their life cycle require different approaches to growth and taking on new technol- ogies, both of which come with risk. Large companies are often more likely to be targets of disruption, hacking, and privacy complaints, while smaller companies are more vulnerable to weak internal controls or limited resources. What should influence where, when, and how to deploy re- sources in this digital age?

Rob Seamans: Companies need to accept that digitization is the future. But there are many ways to digitize. In particular, despite what some in the popular press might say, companies should not think that increasing digitization means replacing labor with technology. In many cases, new technologies and digitization are complementary to human work. There are plenty of examples of firms that find they need to hire more aggressively once they digitize. There are also examples of firms that think they can replace human workers with robots or other technologies only to realize that they cannot. Tesla and Toyota are great examples. Both have said that they got rid of too many human workers when they adopted robots, only to rehire many of those workers later.

Erica Klipper: All businesses, regardless of size or budget, must carefully consider how to spend their resources, and the reality is that increasing headcount to address every task or challenge is rarely the answer. With that said, it makes perfect sense that a company’s approach to risk is significantly influenced by its size and stage of its life cycle. For example, a high-growth phase requires the prioritiza- tion of scaling, which can be done by im- plementing technologies that increase pro- ductivity and allow employees to spend more time creating innovative products andgo-to-market strategies. However, the focus cannot be limited to reward, and it is key to take steps to simultaneously minimize risk. While smaller or younger companies may lack the internal controls needed to assess the ongoing performance of all of their business systems, allocating more resources up front to perform thor- ough due diligence before implementing new solutions is an attractive strategy that facilitates reward while giving risk the attention it deserves. It’s important to remember, though, that there are limits to what technology can do. No matter how big or small, all companies depend on a team that is not only focused on excellence and growth, but that can also recognize threats as they materialize and take steps to protect the company’s future. Investing the time and money to recruit, hire, and retain intelligent, passionate, collegial, and dedicated people, and cultivating a culture that inspires employees to build together will remain a crucial component to succeeding in the modern world.

Janis Foo: Through your own experience assessing innovative products introduced into the workforce, how is the business world of today different from that of a decade ago? How do you view the future paradigm between compliance and innovation?

Rob Seamans: The world is starting to go through some rapid changes, thanks to the rapid development of technologies, including AI. Here at NYU Stern School of Business, we see lots of evidence of this in terms of the demand that students and employers have for new skills. For example, we have introduced a new master’s program in business analytics and a new “tech-focused” one-year MBA. Both are very popular and growing quickly.

Erica Klipper: The sheer volume of data, combined with the emergence of products that leverage data to improve company performance, is the most noticeable and impactful change I have seen in the business world over the last decade — and that applies to the legal world as well. Any attorney who recalls the pre-digital days of researching precedent by using hardcover reporters in a law library (and remember- ing to check the pamphlets in the back to see if the law has changed since the last edition was published!) knows that the law is no stranger to innovation. We continue to see new technologies created specifically for in-house lawyers — such as contract management systems that operationalize the contracting process from start to finish, monitor trends, and provide key metrics to track growth and efficiencies — and even use analytics to propose non-standard language for regularly negotiated terms. Even with all this innovation, I still see a future with attorneys adding value because no software can replace the element of human interaction and customer experience that is essential to the art of lawyering and doing business — or at least not yet.

“It’s important to remember, though, that there are limits to what technology can do… cultivating a culture that inspires employees to build together will remain a crucial component to succeeding in the modern world.”
ERICA KLIPPER

Jeff Teddleton: The business world has grown far more complex and complicated than ever before. The SaaS revolution has led sales teams to master the art of selling into business functions, leveraging the “land and expand” approach while often bypassing IT entirely. This presents an untenable position for infosec. Most companies have no idea how many third-par- ty vendors are in place and are always amazed when an internal audit reveals the real number and overall cost. Innovation will always be miles ahead of the law. Our goal is to operate our company effectively, efficiently, and as securely as possible without impeding forward progress. To be effective in this regard requires strong, trusting relationships, credibility of the process, and clear communication. What is the risk to companies who don’t adapt to this world? Failure…

Like this article?

Share on facebook
Share on Facebook
Share on twitter
Share on Twitter
Share on linkedin
Share on Linkedin
Share on email
Email to a Friend